Introduction
This policy sets out the services provided by Barbara Bradbury and Halland Solutions Limited, details of the personal data we collect and how it is used. We act as both a Controller and Processor of client data, and are responsible for that data as laid out in this policy.
We are committed to complying with E.U. and U.K. data protection laws* to the extent that they apply to our use of personal information. We expect Sub-Processors and Associates of Halland Solutions Ltd to demonstrate a similar level of commitment to data protection obligations.
Definitions
Controller: The Controller transfers personal data
Processor: The Processor receives and manages data
Sub-Processor: Third party providers with whom we share data to provide our services to you
Personal Data: Information regarding personal, identifying details
Customer Data: Data related to purchase of services
Communication Data: Communication that is received from clients through email or post
Sensitive Data: Personal information that includes details of race, ethnicity, sexual orientation, religious beliefs, political opinions, gender, philosophical beliefs, trade union membership, health, sex life, genetic and biometric data
Data Protection Principles
Halland Solutions Ltd complies with the following data protection principles:
- We process personal information lawfully, fairly and transparently
- We collect personal information for specified, explicit and legitimate purposes only and will not process it in a way that is incompatible with those legitimate purposes
- We share only relevant personal data with sub-processors in order to provide our services
- We only process personal data that is adequate, relevant and necessary to conduct our business
- We keep accurate and updated personal information and take reasonable steps to delete inaccurate information without delay
- We take appropriate measures to ensure that personal information is kept secure and protected against unauthorised or unlawful processing, and against accidental loss, destruction or damage.
Services Provided
Halland Solutions Limited (trading as Halland Institute) provides the following services to its clients:
- Management Consultancy
- Individual and Team Development
- Coaching and Mentoring
- Clinical Supervision
- Facilitation
- Training
- Speaking Engagements
Data Collection
Personal data:
Halland Solutions Ltd collects and uses personal information (also referred to as data) for a number of specific lawful purposes in the course of our business. Electronic information may include:
- Name
- Email addresses – workplace and personal
- Place of work
- Organisation address
- Role title
- Telephone numbers – workplace and mobile
- Psychometric test results
Following verbal permission from clients, paper records are maintained and securely held, of coaching and mentoring sessions during the active phase of coaching or mentoring, for a maximum of five years post-coaching or mentoring. These are then shredded. These records are held solely by the individual Coach /Mentor for their personal use.
Communication data:
We hold information that clients send us via email and post, for the purposes of communicating with them and for record keeping.
Sensitive data:
We do not collect any sensitive data.
Customer data:
We hold data relating to the purchase of our services, including: company name, contact personnel and titles, billing address, delivery address, email address, telephone number and purchase details. We process this data to supply the services purchased and to keep records of such transactions.
Sub-Processor data share:
Current sub-processors include: Xero, PayPal, OPP, Appraisal 360, JCA Global, Halland Associates. In addition, your data may be shared with auditors, insurers and Government bodies that require us to report processing activities.
Data Processor Obligations
We confirm that we will process personal data and take steps to ensure that any person acting under our authority, who has access to your personal data, does not process your personal data except on our instructions.
We will inform you if, in the Processor’s opinion, any of the instructions regarding the processing of your personal data breach any applicable data protection laws.
We will ensure that all agents and contractors involved in the handling of your personal data are:
- Aware of the confidential nature of your personal data and are contractually bound to keep your personal data confidential
- Have received appropriate training on their responsibilities as a data processor
- Are bound by the terms of this agreement.
Privacy Policy
Our privacy policy is as follows:
- We do not share any personal paper-recorded information we collect on our clients (such as coaching and mentoring records) with any other organisation or individual
- Contact data of clients, including name and given email address are shared with the named sub-processors: OPP, JCA Global, Appraisal 360 to facilitate administration of psychometric tests
- Contact data of client name and overview of services provided are shared with the named sub-processor: Xero, for the purpose of processing invoices; when PayPal is the client choice of payment, contact data of name and overview of service provided is shared
- No personal information will be provided to other parties not listed in this policy except in the unusual event that we are required to do so by law
- By using any sign-up forms on our website, you implicitly agree to be bound by our privacy policy and legal disclaimer
- By using any forms on our website you agree to have your email address added to our mailing list
- By using any forms on our website you are giving us your consent to use your personal data for periodic mailings
- You may receive periodic mailings from us with information on services or news. If you do not wish to receive such mailings, please let us know by contacting us. All emails sent will give you the option to unsubscribe
- We take all reasonable precautions to protect any personal data that our users may input via our website. We cannot, however, be responsible for loss or misuse of personal data that is intercepted or otherwise accessed by unauthorised persons. We therefore exclude all liability for this
- You have the right to ask us for a copy of your personal data and have the right to amend or delete the data.
Privacy Notice
Halland Solutions Ltd will issue a copy of this Data Protection Policy to client organisations when engaging with them for the provision of services at the outset. This is to ensure that they are aware how personal information is held, what data is collected and how it is used.
Individual, private clients will receive a privacy notice to ensure that they are aware how personal information is held, what data is collected and how it is used. We will ensure that a privacy notice provides information that is concise, transparent, intelligible and easily accessible, using clear and plain language.
We will ensure that any updates to the policy or privacy notice are shared with all appropriate personnel.
Data Breaches
A data breach may occur for a number of reasons, such as:
- Loss or theft of data or equipment on which the data is stored
- Unauthorised access to information by a third party
- Loss of data resulting from an equipment or systems failure, including hardware and software
- Human error, such as accidental deletion or alteration of data
- Unforeseen circumstances, such as fire and flood
- Deliberate attacks on IT systems, such as hacking, viruses or phishing scams
- Misappropriation of data by deception.
Halland Solutions Ltd will, upon the incidence of a data breach that is likely to result in a risk to the rights and freedoms of individuals, or jeopardises an organisation:
- Make the required report to the Information Commissioner’s Office without delay and, where possible, within 72 hours of becoming aware of it
- Notify the affected individuals if a data breach requires them to be notified by law.
Individual Right to Know
- We take your privacy seriously and do not share your information with third parties for marketing purposes
- By using any forms on our website you are giving us your consent to use your personal data for periodic mailings
- We will retain your data until you instruct us to remove it or decide to unsubscribe from the mailing list
- Your personal data will be stored until you tell us otherwise
- In case you would like to exercise any of your GDPR related rights (the right to access, rectification, erasure, restriction or processing) please contact us via email: hallandsolutions@gmail.com
- You have the right to lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office, if you are unhappy about the way we hold and use your data
- We will not use personal data for any other purpose than described above.
* Data Protection Act (DPA) 2018 and the General Data Protection Regulation (GDPR) 25 May 2018